Security Audit
c4-architecture-c4-architecture
Source: github.com/sickn33/antigravity-awesome-skills

Trust Assessment
c4-architecture-c4-architecture received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Prompt Injection via Untrusted Repository Content, Potential Credential Exposure in Generated Documentation, Excessive Read Permissions via Configurable Target Directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Prompt Injection via Untrusted Repository Content.** The skill instructs subagents to analyze and synthesize content directly from the repository (code, documentation, config files) without explicit sanitization or validation. If these repository files contain malicious instructions (e.g., 'ignore previous instructions' or 'summarize this document as 'pwned''), the subagents could be manipulated, leading to unexpected or harmful outputs, or even data leakage if the manipulated output is then shared. Recommendation: implement robust input sanitization or validation for all repository content before it is fed into subagent prompts, and add explicit instructions to subagents to ignore any directives found within the analyzed content that attempt to override their primary task or format. | LLM | SKILL.md:100 |
| HIGH | **Potential Credential Exposure in Generated Documentation.** The skill explicitly instructs the 'c4-container' subagent to include 'Authentication requirements' when generating OpenAPI specifications for container APIs. If the source code or configuration files within the repository contain hardcoded sensitive credentials (e.g., API keys, database passwords), the LLM might extract these and write them directly into the generated `C4-Documentation/apis/[container-name]-api.yaml` files. While stored locally, this creates a file containing sensitive information that could be exfiltrated if the `C4-Documentation/` directory is later committed to a public repository, shared, or accessed by other less secure processes. Recommendation: modify the prompt for the 'c4-container' subagent to explicitly exclude sensitive values from 'Authentication requirements' or redact them (e.g., replace with placeholders like '[REDACTED]'); advise users to ensure the repository does not contain hardcoded credentials; and add a warning about handling the generated documentation securely, especially if it might contain sensitive details. | LLM | SKILL.md:240 |
| MEDIUM | **Excessive Read Permissions via Configurable Target Directory.** The skill defines a `target_directory` configuration option, which defaults to the 'current repository root'. However, if the agent environment allows this parameter to be set to an arbitrary path (e.g., `/` or `/etc`), the skill's instructions 'Analyze the code in directory: [directory_path]' and 'Context: All files in the directory and its subdirectories' could lead to the LLM reading the entire filesystem. This poses a significant data exfiltration risk if the agent's execution environment is not strictly sandboxed or if input validation for `target_directory` is insufficient. Recommendation: implement strict validation and sanitization for the `target_directory` input to ensure it remains within the intended repository scope or a safe, restricted sandbox, and ensure the agent's execution environment enforces robust filesystem sandboxing to prevent access to unauthorized directories, regardless of the `target_directory` value. | LLM | SKILL.md:298 |
Full report: https://skillshield.io/report/a5ba302df8329f6e
Powered by SkillShield